You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2022-12-21 15:17:33

francois-teclib
Expert GLPI
From: TECLIB
Registered: 2006-11-05
Posts: 74
Website

GLPI 9.5.11

This is a security release, upgrading is recommended

9.5.11-DOWNLOAD_GLPI-green.svg?logo=php&logoColor=white&style=for-the-badge?logo=php&logoColor=white&style=for-the-badge

Below, you'll find a short list of key points of this release:

  • [SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276)

  • [SECURITY - Low] Stored XSS in user information (CVE-2022-39372)

  • [SECURITY - Low] Improper input validation on emails links (CVE-2022-39376)

  • [SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370)

  • [SECURITY - Moderate] User's session persist after permanently deleting his account (CVE-2022-39234)

  • [SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262)

  • [SECURITY - Moderate] XSS in external links (CVE-2022-39277)

  • [SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375)

  • [SECURITY - High] SQL Injection on REST API (CVE-2022-39323)

Besoin d'un support professionnel pour GLPI ? Pensez à GLPI Network ! https://glpi-project.org/fr/tarifs/

Connaissez-vous l'offre Cloud maintenue et supportée par l'équipe qui édite GLPI ?
Vous pouvez tester gratuitement pendant 45 jours ! https://glpi-network.cloud (ou plus si besoin)

Offline

Pages: 1

Board footer

Powered by FluxBB